Am 30.10.2013 12:16, schrieb Thomas Bruederli:
Charles McNulty wrote:
If I can get some answers to these questions, I'd love to start developing this.
That would be just great!
The initial idea was indeed to store the message body in plain text and make sure it only remains in local storage if the session timed out and the message could neither be sent nor saved as draft.
Or if it could be saved as a draft some time, but if the last attempt(s) failed for whatever reason (i.e. unstable Internet connection which does not necessarily lead to a session timeout).
If we want some sort of encryption for these contents, I propose to start with a simple DES or AES encryption using a key that is derived from the user ID and the Roundcube's des_key config option. That would at least deny access to the contents for other users of the same webmail as well as for direct access to the local storage through the browser's console.
I second that. Although I could even live with unencrypted data (at least better than with no local storage at all).
Cheers,
Michael Heydekamp Co-Admin freexp.de Düsseldorf/Germany